Vulnerabilities (CVE)

Filtered by CWE-20
Total 10338 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-6345 1 Linux 1 Linux Kernel 2025-04-20 4.6 MEDIUM 7.8 HIGH
The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls.
CVE-2016-6206 1 Huawei 2 Ar3200, Ar3200 Firmware 2025-04-20 10.0 HIGH 9.8 CRITICAL
Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet.
CVE-2017-3273 1 Oracle 1 Mysql 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
CVE-2016-6243 1 Openbsd 1 Openbsd 2025-04-20 4.9 MEDIUM 5.5 MEDIUM
thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call.
CVE-2016-4669 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-20 7.2 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.
CVE-2015-8538 1 Libdwarf Project 1 Libdwarf 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).
CVE-2017-11673 1 Acunetix 1 Web Vulnerability Scanner 2025-04-20 7.5 HIGH 9.8 CRITICAL
Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a "User Mode Write AV starting at reporter!madTraceProcess."
CVE-2017-5092 3 Debian, Google, Microsoft 3 Debian Linux, Chrome, Windows 2025-04-20 6.8 MEDIUM 8.8 HIGH
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2017-6554 1 Quest 1 Privilege Manager 2025-04-20 9.0 HIGH 7.2 HIGH
pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.
CVE-2017-12802 1 Matroska 3 Libebml2, Mkclean, Mkvalidator 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
CVE-2015-7704 6 Citrix, Debian, Mcafee and 3 more 14 Xenserver, Debian Linux, Enterprise Security Manager and 11 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
CVE-2017-12961 1 Gnu 1 Pspp 2025-04-20 5.0 MEDIUM 7.5 HIGH
There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
CVE-2017-15324 1 Huawei 4 S5700, S5700 Firmware, S6700 and 1 more 2025-04-20 7.8 HIGH 7.5 HIGH
Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful exploitation could make the device restart.
CVE-2016-10703 1 Ecstatic Project 1 Ecstatic 2025-04-20 7.8 HIGH 7.5 HIGH
A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string.
CVE-2014-5362 1 Landesk 1 Landesk Management Suite 2025-04-20 6.5 MEDIUM 7.2 HIGH
The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx.
CVE-2017-6141 1 F5 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 5 more 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by default.
CVE-2015-9052 1 Google 1 Android 2025-04-20 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message.
CVE-2017-5606 1 Xabber 1 Xabber 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Xabber (only if manually enabled: 1.0.30, 1.0.30 VIP, beta 1.0.3 - 1.0.74; Android).
CVE-2017-14635 1 Otrs 1 Otrs 2025-04-20 6.5 MEDIUM 8.8 HIGH
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.
CVE-2017-8599 1 Microsoft 3 Edge, Windows 10, Windows Server 2016 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability".